AMENDMENTS TO THE CLAIMS 

1. (currently amended) A method for creating a proof of possession 
confirmation for inclusion by a certification authority into a digital certificate, the digital 
certificate for use by an end user, the method comprising: 

receiving, from the certification authority in response to a certificate 
request by the end user, a plurality of data fields corresponding to a target host system, the 
identity of the end user, and a proof of identity possession by the end user, said plurality
of data fields further comprising a host name, a subject identification, a subject public key
information, and a sealed proof of possession;

analyzing the content of said plurality of data fields by decrypting a proof 
of possession structure from said sealed proof of possession, extracting a password from 
said sealed proof of possession structure, extracting a key identifier from said proof of 
possession structure and calculating a correct key identifier from said subject public key 
information;

verifying the accuracy of said plurality of data fields; and 
if said plurality of data fields is verified as accurate, sending a signed 
object to the certification authority, said signed object comprising the proof of possession 
confirmation, wherein said proof of possession confirmation is constructed in a manner 
so as to prevent replay attacks by an impostor. 

2. (cancelled) 

3. (cancelled) 

4. (currently amended) The method of claim 1, wherein the accuracy of said
plurality of data fields is verified if: 

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for the end user; 

and 
said extracted key identifier is matched with said correct key identifier
calculated from said subject public key information. 

5. (currently amended) The method of claim 1, wherein said extracted
password and said extracted key identifier are initially symmetrically encrypted. 

6. (currently amended) The method of claim 1, wherein said extracted
password and said extracted key identifier are initially asymmetrically encrypted. 

7. (original) The method of claim 1, wherein: 

said plurality of data fields includes a password; and 
said signed object does not include said password. 

8. (currently amended) A storage medium encoded with a machine readable 
computer program code for creating a proof of possession confirmation for inclusion by a 
certification authority into a digital certificate, the digital certificate for use by an end 
user, the storage medium including instructions for causing a computer to implement a 
method, the method comprising: 

receiving, from the certification authority in response to a certificate 
request by the end user, a plurality of data fields corresponding to a target host system, the 
identity of the end user, and a proof of identity possession by the end user, said plurality
of data fields further comprising a host name, a subject identification, a subject public key
information, and a sealed proof of possession;

analyzing the content of said plurality of data fields by decrypting a proof 
of possession structure from said sealed proof of possession, extracting a password from 
said sealed proof of possession structure, extracting a key identifier from said proof of 
possession structure and calculating a correct key identifier from said subject public key 
information;

verifying the accuracy of said plurality of data fields; and 
if said plurality of data fields is verified as accurate, sending a signed
object to the certification authority, said signed object comprising the proof of possession 
confirmation, wherein said proof of possession confirmation is constructed in a manner 
so as to prevent replay attacks by an impostor. 

9. (cancelled) 

10. (cancelled) 

11. (currently amended) The storage medium of claim 8, wherein the
accuracy of said plurality of data fields is verified if: 

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for the end user; 

and 

said extracted key identifier is matched with said correct key identifier 
calculated from said subject public key information. 

12. (currently amended) The storage medium of claim 8, wherein said
extracted password and said extracted key identifier are initially symmetrically encrypted. 

13. (currently amended) The storage medium of claim 8, wherein said
extracted password and said extracted key identifier are initially asymmetrically 
encrypted. 

14. (original) The storage medium of claim 8, wherein: 

said plurality of data fields includes a password; and 
said signed object does not include said password. 

15. (currently amended) A computer data signal, embodied in a carrier wave 
for creating a proof of possession confirmation for inclusion by a certification authority
into a digital certificate, the digital certificate for use by an end user, the computer data 
signal comprising code configured to cause a processor to implement a method, the 
method comprising: 

receiving, from the certification authority in response to a certificate 
request by the end user, a plurality of data fields corresponding to a target host system, the 
identity of the end user, and a proof of identity possession by the end user, said plurality
of data fields further comprising a host name, a subject identification, a subject public key
information, and a sealed proof of possession;

analyzing the content of said plurality of data fields by decrypting a proof 
of possession structure from said sealed proof of possession, extracting a password from 
said sealed proof of possession structure, extracting a key identifier from said proof of 
possession structure and calculating a correct key identifier from said subject public key 
information;

verifying the accuracy of said plurality of data fields; and 
if said plurality of data fields is verified as accurate, sending a signed 
object to the certification authority, said signed object comprising the proof of possession 
confirmation, wherein said proof of possession confirmation is constructed in a manner 
so as to prevent replay attacks by an impostor. 

16. (cancelled) 

17. (cancelled) 

18. (currently amended) The computer data signal of claim 15, wherein the
accuracy of said plurality of data fields is verified if: 

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for the end user; 

and 
said extracted key identifier is matched with said correct key identifier
calculated from said subject public key information. 

19. (currently amended) The computer data signal of claim 15, wherein said
extracted password and said extracted key identifier are initially symmetrically encrypted. 

20. (currently amended) The computer data signal of claim 15, wherein said
extracted password and said extracted key identifier are initially asymmetrically 
encrypted. 

21. (original) The computer data signal of claim 15, wherein:

said plurality of data fields includes a password; and 
said signed object does not include said password. 

22. (currently amended) The method of claim 1, wherein said sealed proof of
possession is verifiable for compatibility with at least one other of said plurality of data
fields of said certificate request.

23. (currently amended) The storage medium of claim 8, wherein said sealed
proof of possession is verifiable for compatibility with at least one other of said plurality 
of data fields of said certificate request. 

24. (currently amended) The computer data signal of claim 15, wherein said
sealed proof of possession is verifiable for compatibility with at least one other of said 
plurality of data fields of said certificate request. 